1 /*
2  * Copyright (c) 2024 Huawei Device Co., Ltd.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at
6  *
7  *     http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 
16 #include "tls_config_enhanced.h"
17 
18 namespace OHOS::NetStack::TlsSocket {
// One row of the cipher-suite lookup table: ties a CipherSuite enumerator to the two
// textual names this file converts between.
struct CipherSuiteConvertor {
    // Enumerator the row describes; a default-constructed row carries INVALID.
    CipherSuite cipherSuite{CipherSuite::INVALID};
    // Name appended to the cipher strings built by ConvertCipherSuiteToCipherString.
    const char *innerName{nullptr};
    // Name compared against caller input in GetCipherSuiteFromStandardName.
    const char *standardName{nullptr};
};
24 
// Lookup table between the CipherSuite enum, the name emitted into cipher strings (innerName)
// and the standard "TLS_..." name accepted from callers (standardName).
// Columns follow the member order of CipherSuiteConvertor: {cipherSuite, innerName, standardName}.
//
// NOTE(review): this table is the allow-list of suites a caller can select. Besides the AEAD
// suites it also admits legacy ones: static-RSA key exchange (no forward secrecy), CBC with
// HMAC-SHA1, and 3DES (64-bit block cipher). Confirm each of these is still required before
// keeping it selectable.
static constexpr CipherSuiteConvertor CIPHER_SUITE_CONVERTOR[] = {
    // TLS 1.3 suites: both names use the same spelling.
    {CipherSuite::TLS_AES_128_GCM_SHA256, "TLS_AES_128_GCM_SHA256", "TLS_AES_128_GCM_SHA256"},
    {CipherSuite::TLS_AES_256_GCM_SHA384, "TLS_AES_256_GCM_SHA384", "TLS_AES_256_GCM_SHA384"},
    {CipherSuite::TLS_CHACHA20_POLY1305_SHA256, "TLS_CHACHA20_POLY1305_SHA256", "TLS_CHACHA20_POLY1305_SHA256"},

    // ECDHE key exchange with AEAD ciphers.
    {CipherSuite::TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
     "ECDHE-ECDSA-AES128-GCM-SHA256", "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"},
    {CipherSuite::TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
     "ECDHE-RSA-AES128-GCM-SHA256", "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"},
    {CipherSuite::TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
     "ECDHE-ECDSA-AES256-GCM-SHA384", "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"},
    {CipherSuite::TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
     "ECDHE-RSA-AES256-GCM-SHA384", "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"},
    {CipherSuite::TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
     "ECDHE-ECDSA-CHACHA20-POLY1305", "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256"},
    {CipherSuite::TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
     "ECDHE-RSA-CHACHA20-POLY1305", "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256"},

    // Static-RSA key exchange with AEAD ciphers (no forward secrecy).
    {CipherSuite::TLS_RSA_WITH_AES_128_GCM_SHA256, "AES128-GCM-SHA256", "TLS_RSA_WITH_AES_128_GCM_SHA256"},
    {CipherSuite::TLS_RSA_WITH_AES_256_GCM_SHA384, "AES256-GCM-SHA384", "TLS_RSA_WITH_AES_256_GCM_SHA384"},

    // ECDHE key exchange with CBC + HMAC-SHA1.
    {CipherSuite::TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
     "ECDHE-ECDSA-AES128-SHA", "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA"},
    {CipherSuite::TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
     "ECDHE-RSA-AES128-SHA", "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"},
    {CipherSuite::TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
     "ECDHE-ECDSA-AES256-SHA", "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA"},
    {CipherSuite::TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
     "ECDHE-RSA-AES256-SHA", "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA"},

    // Static-RSA key exchange with CBC + HMAC-SHA1.
    {CipherSuite::TLS_RSA_WITH_AES_128_CBC_SHA, "AES128-SHA", "TLS_RSA_WITH_AES_128_CBC_SHA"},
    {CipherSuite::TLS_RSA_WITH_AES_256_CBC_SHA, "AES256-SHA", "TLS_RSA_WITH_AES_256_CBC_SHA"},

    // Static-RSA key exchange with 3DES.
    {CipherSuite::TLS_RSA_WITH_3DES_EDE_CBC_SHA, "DES-CBC3-SHA", "TLS_RSA_WITH_3DES_EDE_CBC_SHA"},
};
117 
// Returns the textual tag for this certificate's container format: "PEM", "DER" or "P12".
// Any other CertType value yields an empty string, which callers can treat as "unknown format".
std::string ClientCertificate::GetCertTypeString() const
{
    if (type == CertType::PEM) {
        return "PEM";
    }
    if (type == CertType::DER) {
        return "DER";
    }
    if (type == CertType::P12) {
        return "P12";
    }
    return "";
}
132 
// Serialises the server list as "ip[:port],ip[:port],...". An empty list gives an empty string.
// NOTE(review): ip and port are joined with a bare ':' and entries with ','; nothing here
// validates or brackets the address, so an IPv6 literal followed by a port (or an ip value that
// itself contains ',') would be ambiguous for whoever parses this string - confirm that the
// addresses are validated before they reach this container.
std::string DnsServers::ToString() const
{
    std::string joined;
    for (const auto &entry : *this) {
        joined.append(entry.ip);
        if (entry.port != 0) {
            // A zero port is omitted so that only the bare address is emitted.
            joined.append(":" + std::to_string(entry.port));
        }
        joined.append(",");
    }
    if (!joined.empty()) {
        joined.pop_back(); // drop the trailing ','
    }
    return joined;
}
145 
// Serialises the ranges as "from-to, from-to, ..." where either endpoint may be left blank
// ("from-" or "-to"). Entries with neither endpoint set are skipped; no unit prefix is added here.
// NOTE(review): the endpoints are emitted as given - this function does not check from <= to or
// reject overlapping ranges, so that validation has to happen elsewhere.
std::string TransferRange::ToHeaderString() const
{
    const std::string separator(", ");
    std::string header;
    for (const auto &item : *this) {
        const bool hasFrom = static_cast<bool>(item.from);
        const bool hasTo = static_cast<bool>(item.to);
        if (!(hasFrom || hasTo)) {
            continue;
        }
        if (hasFrom) {
            header.append(std::to_string(item.from.value()));
        }
        header.append("-");
        if (hasTo) {
            header.append(std::to_string(item.to.value()));
        }
        header.append(separator);
    }
    if (header.size() > separator.size()) {
        // Strip the separator that follows the last entry.
        header.erase(header.size() - separator.size());
    }
    return header;
}
163 
// Maps a standard "TLS_..." suite name to its CipherSuite enumerator via CIPHER_SUITE_CONVERTOR.
// The match is exact and case-sensitive; a name that is not in the table returns
// CipherSuite::INVALID, so the table acts as the allow-list for caller-supplied suite names.
CipherSuite GetCipherSuiteFromStandardName(const std::string &standardName)
{
    CipherSuite matched = CipherSuite::INVALID;
    for (const auto &row : CIPHER_SUITE_CONVERTOR) {
        if (standardName == row.standardName) {
            matched = row.cipherSuite;
            break;
        }
    }
    return matched;
}
173 
// Looks up the innerName recorded for a CipherSuite in CIPHER_SUITE_CONVERTOR.
// Returns an empty string when the enumerator has no row in the table.
std::string GetInnerNameFromCipherSuite(CipherSuite cipherSuite)
{
    for (const auto &row : CIPHER_SUITE_CONVERTOR) {
        if (row.cipherSuite != cipherSuite) {
            continue;
        }
        return std::string(row.innerName);
    }
    return std::string();
}
183 
// Parses a TLS version label ("default", "TlsV1.0" ... "TlsV1.3") into a TlsVersion.
// The comparison is exact and case-sensitive.
// NOTE(review): an unrecognised label is not reported - it returns TlsVersion::DEFAULT, the same
// value as "default". A misspelled pin (for example a different capitalisation) therefore
// silently falls back instead of failing; callers that rely on a minimum version should validate
// the label themselves. "TlsV1.0" and "TlsV1.1" are still accepted here although both protocol
// versions are deprecated (RFC 8996).
TlsVersion ConvertTlsVersion(const std::string &tlsVersion)
{
    struct LabelMapping {
        const char *label;
        TlsVersion version;
    };
    static constexpr LabelMapping LABELS[] = {
        {"default", TlsVersion::DEFAULT},
        {"TlsV1.0", TlsVersion::TLSv1_0},
        {"TlsV1.1", TlsVersion::TLSv1_1},
        {"TlsV1.2", TlsVersion::TLSv1_2},
        {"TlsV1.3", TlsVersion::TLSv1_3},
    };
    for (const auto &mapping : LABELS) {
        if (tlsVersion == mapping.label) {
            return mapping.version;
        }
    }
    return TlsVersion::DEFAULT;
}
203 
// Turns a single TlsVersion into a TlsVersionRange.
// For TLSv1_0 .. TLSv1_3 both min and max are set to that version, i.e. the range pins exactly
// one protocol version. For DEFAULT (and any other value) a default-constructed range is returned
// with neither bound set - presumably the TLS library's own defaults then apply; confirm against
// the code that consumes the range.
TlsVersionRange ConvertTlsVersion(TlsVersion tlsVersion)
{
    TlsVersionRange pinned;
    switch (tlsVersion) {
        case TlsVersion::TLSv1_0:
        case TlsVersion::TLSv1_1:
        case TlsVersion::TLSv1_2:
        case TlsVersion::TLSv1_3:
            pinned.min.emplace(tlsVersion);
            pinned.max.emplace(tlsVersion);
            break;
        default:
            break;
    }
    return pinned;
}
232 
// Tells whether an innerName is one of the three TLS 1.3 suites listed in this file.
// ConvertCipherSuiteToCipherString uses the answer to route the name into the TLS 1.3 string
// rather than the string for earlier protocol versions.
static bool IsTlsV13Cipher(const std::string &innerName)
{
    static constexpr const char *TLS13_NAMES[] = {
        "TLS_AES_128_GCM_SHA256",
        "TLS_AES_256_GCM_SHA384",
        "TLS_CHACHA20_POLY1305_SHA256",
    };
    for (const char *candidate : TLS13_NAMES) {
        if (innerName == candidate) {
            return true;
        }
    }
    return false;
}
238 
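// Builds the two ':'-separated cipher strings for a set of selected suites: TLS 1.3 suites go to
// tlsV13CiperSuiteString, every other suite to ciperSuiteString. Suites without a row in
// CIPHER_SUITE_CONVERTOR (including CipherSuite::INVALID) are ignored; an empty selection yields
// two empty strings.
//
// The names are emitted in the order of CIPHER_SUITE_CONVERTOR, not in the iteration order of the
// unordered_set. Iterating the set made the order of the result depend on hash-table layout, so
// the same selection could put a legacy CBC/3DES suite ahead of an AEAD one. Table order is
// deterministic and lists the AEAD suites first.
// NOTE(review): this matters if the consumer treats the string as a preference-ordered list, as
// TLS libraries commonly do - confirm against the code that applies these strings.
TlsCipherString ConvertCipherSuiteToCipherString(const std::unordered_set<CipherSuite> &cipherSuite)
{
    TlsCipherString cipherString;
    for (const auto &entry : CIPHER_SUITE_CONVERTOR) {
        if (entry.innerName == nullptr || cipherSuite.count(entry.cipherSuite) == 0) {
            continue;
        }
        const std::string innerName(entry.innerName);
        if (innerName.empty()) {
            continue;
        }
        std::string &target =
            IsTlsV13Cipher(innerName) ? cipherString.tlsV13CiperSuiteString : cipherString.ciperSuiteString;
        if (!target.empty()) {
            target.append(":"); // separator goes between names, so nothing has to be trimmed afterwards
        }
        target.append(innerName);
    }
    return cipherString;
}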
261 
// Parses a hash algorithm label. Only the exact, case-sensitive spelling "SHA-256" is accepted;
// every other input returns HashAlgorithm::INVALID so the caller can reject it rather than
// proceed with an unintended algorithm.
HashAlgorithm GetHashAlgorithm(const std::string &hashAlgorithm)
{
    return hashAlgorithm == "SHA-256" ? HashAlgorithm::SHA256 : HashAlgorithm::INVALID;
}
269 } // namespace OHOS::NetStack::TlsSocket